Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Spotify block through override not taking effe...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Spotify block through override not taking effect
I'm having an odd issue with Application Control (Blocking Spotify) on an outgoing client policy on 6.2. Wondering if anyone would have any insight to what I may be missing?
The application control profile has Spotify added as an override with Block as the action. When I check the logs and filter Spotify it appears with pass as the action.
I've confirmed through these records that it is the correct policy which has the profile with the override in it that is being applied to that traffic.
Is there anything else in the app control profile that needs to be done other than adding the override block in order for that to work?
Screenshots linked below. Thanks.
https://www.dropbox.com/s/nomrodlithgsvnf/spotify1.PNG?dl=0
https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0
Labels:
- Labels:
-
6.2
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
22 REPLIES 22
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Enable "Network Protocol Environment" option from this screenshot. https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0
It'd help you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hubertzw wrote:You need the policy with Application Control with action 'block'. I see your policy 27 has action 'pass'.
I just test it and it works fine on 6.2:
date=2019-06-24 time=23:46:49 logid="1059028705" type="utm" subtype="app-ctrl" eventtype="app-ctrl-all" level="warning" vd="root" eventtime=1561445209 appid=17405 srcip=10.0.1.10 dstip=104.154.127.47 srcport=49642 dstport=443 srcintf="port3" srcintfrole="undefined" dstintf="port1" dstintfrole="undefined" proto=6 service="HTTPS" direction="outgoing" policyid=1 sessionid=1917 applist="spotify-test" appcat="Video/Audio" app="Spotify" action="block" hostname="www.spotify.com" incidentserialno=1399263240 url="/" msg="Video/Audio: Spotify," apprisk="medium"
See below 2 screenshots which have the override as blocks. Surely the IPv4 Policy "27" isn't meant to be action of "DENY"?
https://www.dropbox.com/s/1mlqf5g15kddmgi/spotify2.PNG?dl=0
https://www.dropbox.com/s/d0s0arkt5e4qeod/spotify3.PNG?dl=0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, my mistake, the firewall policy action can be 'allow' of course. The one scenario I tested is like your one and in my case it works fine:
FortiOS v6.2.0 build0866 (GA)
config firewall policy
edit 1
set name "Full_Access"
set uuid b11ac58c-791b-51e7-4600-12f829a689d9
set srcintf "port3"
set dstintf "port1"
set srcaddr "LOCAL_SUBNET"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set logtraffic all
set fsso disable
set application-list "spotify-test"
set ssl-ssh-profile "custom-deep-inspection"
set nat enable
next
end
edit "spotify-test"
set comment ''
set replacemsg-group ''
set extended-log disable
set other-application-action pass
set app-replacemsg enable
set other-application-log enable
set enforce-default-app-port disable
set unknown-application-action pass
set unknown-application-log disable
unset p2p-black-list
set deep-app-inspection enable
set options allow-dns
config entries
edit 1
set application 17405
set action block
set log enable
set log-packet disable
set rate-count 0
set session-ttl 0
set quarantine none
next
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi! I just wonder how's it going now
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for bumping into an old conversation. Based on what you've said, it seems like you've done everything correctly regarding adding the override block for Spotify in the app control profile. However, it's still passing through instead of being blocked. It's hard to say exactly what might be causing the issue. I hope you get it fixed, as Spotify is a great platform; I even stream my songs and buy Spotify plays there to get popular. Let us know how it goes!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I understand how frustrating things can be when things don't work as expected. When dealing with Application Control on version 6.2, it's essential to double-check your settings. Apart from adding the Spotify override with the "Block" action, ensure no conflicting rules or conditions in the profile might affect the outcome.
You should also look into the order of the rules and confirm that the policy with the override is indeed being applied correctly.
By the way, you can also buy Spotify plays to promote your music there. Songlifty offers a service to buy Spotify plays, which can help boost your tracks and reach a wider audience!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey There,
It seems like you've encountered a peculiar challenge with Application Control, specifically related to blocking Spotify through an override. Despite setting the override with a "Block" action in the application control profile, the logs indicate a "Pass" action for Spotify. You've diligently confirmed that the correct policy, containing the profile with the override, is applied to the traffic in question. To troubleshoot, consider double-checking the application control profile settings to ensure all necessary configurations are in place. Additionally, explore any specific nuances or requirements within the application control profile that might be affecting the desired blocking of Spotify. Given the nature of the issue, it might be worthwhile to explore potential connections with unconventional uses, such as those related & wanna use premium mod Spotify, to ascertain if any unique interactions or configurations are influencing the expected behavior...
Best Regards!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds frustrating that the Spotify block override isn't taking effect. Have you checked the application control settings and ensured that everything is configured properly? Sometimes a small tweak can make all the difference. By the way, for users who need uninterrupted access, Spotify Premium APK iOS offers a seamless experience. Hope you get this issue resolved soon!
SabtainSalem
SabtainSalem
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds frustrating that the Spotify block override isn't taking effect. Have you checked the application control settings and ensured that everything is configured properly? Sometimes a small tweak can make all the difference. By the way, for users who need uninterrupted access, Spotify Premium APK iOS offers a seamless experience. Hope you get this issue resolved soon!
SabtainSalem
SabtainSalem
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It sounds like you're dealing with a tricky issue! In my experience, when the override block isn't taking effect, it’s often related to the sequence of policies or application control settings not being prioritized correctly. Have you tried reordering the policies to ensure the override is being enforced before any pass actions? Also, double-check if there's any deep inspection or SSL setting that might be allowing traffic to pass despite the block. For users wanting uninterrupted access, Spotify Premium APK iOS could be a great alternative. Hopefully, these tips help get you closer to a solution!
SabtainSalem
SabtainSalem
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Setting override ssh host key on... 129 Views
- PPPoE MTU 125 Views
- VPNSSL Split tunneling using internet services 183 Views
- What FortiOS Event Logs should i... 861 Views
- how to unblocked a website from... 1098 Views
Labels
-
FortiGate
8,081 -
FortiClient
1,624 -
5.2
801 -
FortiManager
682 -
5.4
639 -
FortiAnalyzer
518 -
FortiAP
427 -
FortiSwitch
426 -
6.0
416 -
FortiClient EMS
366 -
5.6
362 -
FortiMail
301 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
189 -
SSL-VPN
179 -
FortiNAC
163 -
IPsec
154 -
6.4
128 -
FortiGuard
125 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
94 -
SD-WAN
89 -
FortiToken
86 -
Customer Service
74 -
Wireless Controller
74 -
FortiAuthenticator
70 -
4.0MR3
64 -
Firewall policy
58 -
FortiProxy
53 -
Fortivoice
50 -
FortiEDR
50 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
FortiDNS
41 -
High Availability
41 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
35 -
LDAP
34 -
FortiSwitch v6.4
33 -
DNS
33 -
BGP
32 -
SAML
31 -
Certificate
30 -
Interface
29 -
SSO
27 -
NAT
27 -
FortiConnect
26 -
FortiConverter
25 -
Authentication
25 -
FortiWAN
24 -
RADIUS
24 -
FortiLink
24 -
FortiGate v5.2
23 -
VDOM
23 -
Application control
21 -
Web profile
21 -
Virtual IP
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Fortigate Cloud
18 -
Logging
18 -
Traffic shaping
17 -
FortiMonitor
16 -
FortiPAM
16 -
FortiDDoS
15 -
FortiGate v5.0
14 -
SSL SSH inspection
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
Admin
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiSOAR
10 -
FortiRecorder
10 -
SNMP
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
System settings
9 -
FortiManager v4.0
8 -
FortiBridge
8 -
RMA Information and Announcements
8 -
IPS signature
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Security profile
7 -
Traffic shaping policy
7 -
Port policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1517 | |
| 1013 | |
| 749 | |
| 443 | |
| 209 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.